Combine PHP prepared statments with LIKE

2019-01-12 06:36发布

站内问答 / PHP
1359 6 4

Anyone know how to combine PHP prepared statements with LIKE? i.e.

"SELECT * FROM table WHERE name LIKE %?%";

标签: php sql-like
举报
6条回答
啃猪蹄的小仙女
2楼-- · 2019-01-12 06:48

I will just adapt Chad Birch's answer for people like me who are used to utilize bindValue(...) for PDO:

$st = $db->prepare("SELECT * FROM table WHERE name LIKE :name");
$st->bindValue(':name','%'.$name.'%',PDO::PARAM_STR);
$st->execute();
查看更多
0人赞 添加讨论(0) 举报
虎瘦雄心在
3楼-- · 2019-01-12 06:50

You can use the concatenation operator of your respective sql database:

# oracle
SELECT * FROM table WHERE name LIKE '%' || :param || '%'
# mysql
SELECT * from table WHERE name LIKE CONCAT('%', :param, '%')

I'm not familar with other databases, but they probably have an equivalent function/operator.

查看更多
0人赞 添加讨论(0) 举报
一夜七次
4楼-- · 2019-01-12 07:06

in PHP using MYSQLI you need to define a new parameter which will be declared as:

$stmt = mysqli_prepare($con,"SELECT * FROM table WHERE name LIKE ?");
$newParameter='%'.$query.'%';
mysqli_stmt_bind_param($stmt, "s", $newParameter);
mysqli_stmt_execute($stmt);

this works for me..

查看更多
0人赞 添加讨论(0) 举报
小情绪 Triste *
5楼-- · 2019-01-12 07:09

You could try something like this:

"SELECT * FROM table WHERE name LIKE CONCAT(CONCAT('%',?),'%')"
查看更多
0人赞 添加讨论(0) 举报
萌系小妹纸
6楼-- · 2019-01-12 07:10

For me working great, I've looked for answer hours, thx.

    $dbPassword = "pass";
    $dbUserName = "dbusr";
    $dbServer = "localhost";
    $dbName = "mydb";

    $connection = new mysqli($dbServer, $dbUserName, $dbPassword, $dbName);

    if($connection->connect_errno)
    {
        exit("Database Connection Failed. Reason: ".$connection->connect_error);
    }
        $tempFirstName = "reuel";
    $sql = "SELECT first_name, last_name, pen_name FROM authors WHERE first_name LIKE CONCAT(CONCAT('%',?),'%')";
    //echo $sql;

    $stateObj = $connection->prepare($sql);
    $stateObj->bind_param("s",$tempFirstName);
    $stateObj->execute();
    $stateObj->bind_result($first,$last,$pen);
    $stateObj->store_result();

    if($stateObj->num_rows > 0) {
        while($stateObj->fetch()){
            echo "$first, $last \"$pen\"";
            echo '<br>';
        }
    }

    $stateObj->close();
    $connection->close();
查看更多
0人赞 添加讨论(0) 举报
Deceive 欺骗
7楼-- · 2019-01-12 07:13

The % signs need to go in the variable that you assign to the parameter, instead of in the query.

I don't know if you're using mysqli or PDO, but with PDO it would be something like:

$st = $db->prepare("SELECT * FROM table WHERE name LIKE ?");
$st->execute(array('%'.$test_string.'%'));

EDIT :: For mysqli user the following.

$test_string = '%' . $test_string . '%';
$st->bind_param('s', $test_string);
$st->execute();
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)